none
Unable to connect to the VPN with the Error 800 & 807 RRS feed

  • Question

  • Hi,

    We have Small Business Server 2011 Standard and we have a VPN setup which was working fine up untill last week when all of a sudden all users now get the following Error 800.  I've also tried setting my client machine to use PPTP as the VPN type rather than Auto to get a more specific error message which is Error 807.  Please see below;

    - I have checked and added all the relevent ports to the router firewall and when I check the router log it does show that the requests are coming through and being passed onto the server.

    - I've tried using various workstations with different operating systems and I am able to ping the server.  So the issue doesn't seem to be from the client side.

    - I have tried to run the diagnostic option shown in the above image but as always that did not come back with anything.

    - I have tried to also disable the firewalls of the client and the server but this still didn't work.

    So I am now baffled as to why this has stopped working.  Please help if you can.

    Thanks in advance. Aria.


    • Edited by Aria3 Wednesday, November 21, 2012 4:22 PM
    Wednesday, November 21, 2012 4:21 PM

Answers

  • Guys, I have finally managed to sort the issue by;

    1. Going to Routing & Remote Access

    2. Right clicking on the local server I need VPN access to and going to properties.

    3. On the Security tab although all the settings were correct I set them as another setting, clicked ok then went back into the security tab and set them back to the normal setting, in my case; Authentication method MS-CHAP 2, untick IPSEC & HTTP and set certificate as default.

    4. Once I did that I also reset the client machines VPN setting to conform to the server settings.

    5. Finally I rebooted the router.

    All seems to be back to normal and working now.  Very strange issue!  Hope that helps someone!

    • Marked as answer by Aria3 Wednesday, February 13, 2013 12:21 PM
    Wednesday, February 13, 2013 12:21 PM

All replies

  • Can you show us a screen shot of your router firewall please? Can you also confirm the make and model of your router/firewall?


    Thanks!


    Ben Weinberg
    Prime-Networks
    www.prime-networks.co.uk

    Please post the resolution to your issue so that everyone can benefit

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Wednesday, November 21, 2012 5:19 PM
  • Yep Here is the screen shot of the router and it's a Netgear DG834.  None of the setting on the router were changed though and it was working before.

    Wednesday, November 21, 2012 6:08 PM
  • Can you check the server application and system log for any RAS errors / warnings?

    What version of the firmware is the dg845 on?

    I believe there is a GRE Fix for one of the early versions.


    Robert Pearman SBS MVP | www.titlerequired.com | www.itauthority.co.uk

    Wednesday, November 21, 2012 6:12 PM
    Moderator
  • and by the way you have a LOT of things open there that you usually would not need.

    Robert Pearman SBS MVP | www.titlerequired.com | www.itauthority.co.uk

    Wednesday, November 21, 2012 6:14 PM
    Moderator
  • I couldn't find any RAS errors or warnings.

    THe routers firmware is V4.01.28

    Wednesday, November 21, 2012 6:21 PM
  • All other services running ok? HTTPS etc?

    http://support.netgear.com/product/DG834v4

    Any errors or warnings at all?

    Anything changed? new ISP? upgrade of ISP Service?

    how do you VPN in, by name or IP Address?


    Robert Pearman SBS MVP | www.titlerequired.com | www.itauthority.co.uk


    Wednesday, November 21, 2012 6:22 PM
    Moderator
  • I'm not sure what services are meant to be running, could you let me know and I'll check.  There is not service called HTTPS.

    There is no warnings or errors that I can see which might relate to this.

    We VPN by IP address and no as far as I'm aware nothing has changed.  I'll have a look at the link you sent.

    • Edited by Aria3 Wednesday, November 21, 2012 6:31 PM
    Wednesday, November 21, 2012 6:27 PM
  • I am still suffering from this problem.  Is there no one out there that knows how to sort out this VPN problem or at least know how I can find out what's causing the issue?

    Friday, November 30, 2012 1:21 PM
  • First principles: this apparently happened without any configuration changes being made, so the first thing to try is to reboot everything, including the network switch(es). The missing link here is *protocol* (not port) 47, GRE, and this is handled by everything in the path differently from TCP and UDP. GRE handling can break somewhere without affecting any other protocol.

    Next, can a computer on the LAN open a VPN connection to the server? This should work, and will tell you whether the problem is with the server (and if you can bring in one of the normal clients to do this, the client also) or the transmission path.

    If the server seems OK, then the problem gets more difficult. Are the clients connecting from different locations? If so, this should rule out the client-end routers. The next suspect is the server-end router, and there's not much you can do to test this apart from borrowing or buying another router and substituting it. The Internet router is frequently the source of troubles, at this level they are not expensive (compared with your time) and it is worth having a spare, not necessarily of the same model. The different versions of DG834 are significantly different in hardware terms, I have a v5 and have used a few v2s, and your firmware looks right for a v3. It is possible for corruption of the router flash memory to require a factory reset to clear, though doing that should be a last resort.

    And you do have more open on the router than is wise. DNS should never be open inbound, don't bother with HTTPS as you have a custom rule covering that, and I really don't like to see FTP exposed to the Net by anything, least of all an SBS. That is an accident waiting to happen, and there are much more secure ways to shift files. There's also no point leaving open the exotic VPNs if you use PPTP, and if you have the certificates set up and SBS configuration done for one of the others, there's no point using PPTP. The single 'service' VPN-PPTP covers both TCP/1723 and protocol 47, so there's no need for a separate rule for GRE, and I don't believe the DG834 can explicitly forward protocols anyway. I've yet to see a small commercial router which can. Opening TCP or UDP port 47 will achieve nothing here (though some routers know what you really mean when you do that).

    Joe

    • Marked as answer by James XiongModerator Tuesday, December 4, 2012 7:04 AM
    • Unmarked as answer by Aria3 Thursday, December 6, 2012 3:51 PM
    Friday, November 30, 2012 10:42 PM
  • Hi Joe,

    Thank you for your message.  Here is that answers to your suggestions;

    - I've tried a computer on the LAN and it still can not open a VPN connection to the server.

    - Clients can not connect no matter where they are.  I've tried multiple locations with different client side routers.  So I think the issue is either with the server or the server side router (DG834).  I have contacted netgear and I'm in the early stages of them looking into it to see if it's something they can help with.  But unfortunetly they have not replied for a while now!

    - Thank you for the advise on the open ports.  I will close them immediately.  The router was setup by my predecessor and I never really paid much attention to the ports till now.

    Thursday, December 6, 2012 4:03 PM
  • Guys, I have finally managed to sort the issue by;

    1. Going to Routing & Remote Access

    2. Right clicking on the local server I need VPN access to and going to properties.

    3. On the Security tab although all the settings were correct I set them as another setting, clicked ok then went back into the security tab and set them back to the normal setting, in my case; Authentication method MS-CHAP 2, untick IPSEC & HTTP and set certificate as default.

    4. Once I did that I also reset the client machines VPN setting to conform to the server settings.

    5. Finally I rebooted the router.

    All seems to be back to normal and working now.  Very strange issue!  Hope that helps someone!

    • Marked as answer by Aria3 Wednesday, February 13, 2013 12:21 PM
    Wednesday, February 13, 2013 12:21 PM